readme.html

用于squid mysql 验证的软件 这样squid的帐户就可以放到mysql了

<HTML>
<HEAD>
<TITLE>mysql_auth readme</TITLE>
<!--
    this readme file was created based on readme.html of MSNT authenticator,
    author Antonino Ianella
-->
<STYLE TYPE="text/css">
	body {
		background-color: white;
		color: #505050;
		font-family: Arial, Helvetica, sans-serif;
		font-size: 14px;
	}
	a {
		text-decoration: none;
		color: #0069B3;
	}
	a:hover {
		text-decoration: underline;
	}
	pre {
		background-color: #DFDFDF;
		padding: 10px;
	}
</STYLE>
</HEAD>
<BODY>

<H1>
mysql_auth v0.7<BR>
Squid HTTP proxy MySQL authentication module<BR>
Ervin Hegedus<BR>
Wed Sep 09 23:00:00 CET 2004<BR>
</H1>

<H2>Contents</H2>

<UL>
<LI> <A HREF="#introduction">Introduction</A>
<LI> <A HREF="#installation">Installation</A>
<LI> <A HREF="#createdb">Create database</A>
<LI> <A HREF="#compiling">Issues when compiling</A>
<LI> <A HREF="#configuration">Configuration file</A>
<LI> <A HREF="#squid">Squid.conf changes</A>
<LI> <A HREF="#testing">Testing</A>
<LI> <A HREF="#contact">Contact details</A>
</UL>

<A NAME="introduction"><H2>Introduction</H2></A>

<P>
This is an authentication module for the Squid proxy server
to authenticate users on an mysql database.
The database is a single table, and the table is a very
simple user-password pair, with plain or encrypted passwords.

<BR>
There is a utility, called by mypasswd. With this you can add a new user to your pasword database,
update it or delete from. It uses the configuration file, what mysql_auth.

<P>
Usage is simple. It accepts a username and password on standard input.
It will return OK if the username/password is valid,
or ERR if there was some problem.
Check syslog messages for reported problems.

<P>
<b>mypasswd</b> is also a very simple program: simply type mypasswd with no arguments, and it gives you
help about itself. Note, these are the examples about it:
<PRE>
shell> mypasswd user password
</PRE>
add a new user if it doesn't exist, or update its password.
This form of mypasswd also makes it:
<PRE>
shell> mypasswd user
Enter NEW password:
Re-enter NEW password:
Password record ADDED succesfully.
</PRE>
And you can delete a user from database, like this:
<PRE>
shell> mypasswd -d user
</PRE>
<!--<P>
<b>mypasswd</b> has a CGI format, it is called by <b>mypasswd.cgi</b> Fom more info, please visit
the <a href="http://people.arxnet.hu/airween/mypasswd/index.html">projects webpage</a>.
</P> -->
mysql_auth is released under the GNU General Public License and
is available from 
<A HREF="http://people.arxnet.hu/airween/mysql_auth/mysql_auth-0.7.tar.gz">http://people.arxnet.hu/airween/mysql_auth/</A>.
<P>
Mysql_auth tested with MySQL 3.23, 4.0.XX, on Linux and FreeBSD os's.

<A NAME="installation"><H2>Installation</H2></A>

<P>
Make any changes to the source code you need. For example, set up correctly place of configuration file.
See that in define.h.

<P>
Review the Makefile, and modify based on target platform or
site requirements. Setting up the mysql.h header and libmysqlclients.a places. Setting up your squid user
and group accounts, and squid root directory.<br>
<B><FONT COLOR="RED">Setting up correctly the permissions of mysql_auth.conf (mode 600)!<BR>
This is very important! This file included a mysql account,
with select, update, insert and delete privileges!</B>
<BR>
<B>
Also very important: if you use mysql.log, be very carefull! It contains all transactions!
For example:</FONT>
<BR>
<PRE>
	52 Query       UPDATE data SET password = password ("1234") WHERE user LIKE 'airween'
</PRE>
</B>
<P>
After when you edit what you want, type 'make', then 'make install', then 'make clean'.

<P>
'Make install' will put 'mysql_auth' into
/usr/local/squid/libexec default, and 'mysql_auth.conf' to /usr/local/squid/etc.

<A NAME="createdb"><H2>Create database</H2></A>
<P>
For store user and password pairs, you need a database, like mysql.
It is very simple, one-table database. For create it, you need to run
create_script from path/to/your/source/scripts directory.

<P>
You can create it like this:
<BR>
<PRE>
shell> cd path/to/mysql_auth-source/scripts
shell> mysql -u your_user_name -p &lt; create_script
Enter password: &lt;type your password&gt;
</PRE>
To add a user:
<PRE>
shell> mysql -u your_user_name -p mysql_auth
Enter password:
Welcome message...

mysql> insert into data (user, password) values ('joeav', 'joespass');
Query OK, 1 row affected (0.00 sec)

mysql>
</PRE>
or if you want to store your passwords in encrypted format:
<PRE>
shell> mysql -u your_user_name -p mysql_auth
Enter password:
Welcome message...

mysql> insert into data (user, password) values ('joeav', password("joespass"));
Query OK, 1 row affected (0.00 sec)

mysql>
</PRE>

Or try mypasswd:
<PRE>
shell> mypasswd joeav joespass
</PRE>

That's it!
<P>
Note: if you set up in mysql_auth.conf the encrypt_password_form to 'yes', <B>mypasswd</B> also
uses encrypt form.
</P>
<P>
Hopefully nobody has problems compiling mysql_auth, and create_script.

<A NAME="compiling"><H2>Issues when compiling</H2></A>

<P>
The Makefile uses the GCC compiler, and assumes that it is in the current PATH.
Mysql_auth is known to compile properly on Debian Linux 3.1
without problems. Other operating systems are untested,
but use a recent copy of the GNU C compiler.
<P>
Problem occur, when you can't setting up mysql header and/or library correctly.<br>
Other, if you use MySQL 4.0 or above, may be you need to use in CFLAGS <b>-lz</b> at last.

<A NAME="configuration"><H2>Configuration file</H2></A>

<P>
Mysql_auth uses a configuration file. It reads just every startup, not every query.
The file is /usr/local/squid/etc/mysql_auth.conf.
If this path needs to be changed, see define.h.

<PRE>
  #define CONFIG_FILE   "/usr/local/squid/etc/mysql_auth.conf"
</PRE>

<P>
An example configuration file is provided. It looks like

<PRE>
hostname	localhost
# FQDN hostname or IP address.
# if you use it on localhost, and don't use tcp-network to
# connect it (use a UNIX socket), you have to set up the
# mysqld_socket parameter - see below

user		squid
# mysql user name - mysql administrator sets up.

password	squid
# password of mysql user - mysql administrator sets up.

database	mysql_auth
# mysql database on mysql server - a unique name.

mysqld_socket	/tmp/mysqld.sock
# absolute path of mysql daemon socket
# need it, if you use mysqld through UNIX socket, not INET socket
# see skip-networking option in my.cnf, the main configuration file
# of mysql

table		data
# table name in mysql database - contents two couloms, user and password.
# The password store in plain or encrypt format, and of course, case sensitive.

user_column     user
# column name where username exists.

password_column password
# password name where passwords exists.

encrypt_password_form	no
# if you want to store your passwords in encrypted form
# this is case insensitive; 'YES' and 'yes' is same
</PRE>
<P>
These values are defaults, when you don't set other, mysql_auth wants to work with these.

<P>
All comments start with '#'.
Empty line allowed.

<P>
When a user provides a username/password, mysql_auth querys from mysql server.
It stops after a user has been successfully authenticated.
Make sure the server can be reached and
is active, or else mysql_auth will return all with errors!

<A NAME="squid"><H2>Squid.conf changes</H2></A>

<P>
Refer to Squid documentation for the required changes to squid.conf.
You will need to set the following lines to enable authentication for
your access list -

<PRE>
  acl &lt;yourACL&gt; proxy_auth REQUIRED
  http_access allow password
  http_access allow &lt;yourACL&gt;
  http_access deny all
</PRE>

<P>
You will also need to review the following directives. The number of
mysql_auth children spawned is set with authenticate_children.
The number of children needed is site-dependent, so some
experimentation may be required to find the best number.

<PRE>
  auth_param basic realm Squid proxy server
  auth_param basic program /usr/local/squid/libexec/mysql_auth
  auth_param basic credentialsttl 5
  auth_param basic children 5
</PRE>

<A NAME="testing"><H2>Testing</H2></A>

<P>
I strongly urge that mysql_auth is tested prior to being used in a 
production environment. It may behave differently on different platforms.
To test it, run it from the command line. Enter username and password
pairs separated by a space.

<P>
It should behave in the following way -
<PRE>
 - Press ENTER to get an OK or ERR message.
 - Make sure pressing CTRL-C aborts the program.
 - Test that entering no details does not result in an OK or ERR message.
 - Test that entering an invalid username and password results in
   an ERR message.
 - Test that entering an valid username and password results in an OK message.
</PRE>

<P>
Usernames cannot have whitespace in them, passwords can.
</P>
<P>
If you have any problem until you test it, see your <b>syslog</b> for details.

<A NAME="contact"><H2>Contact details</H2></A>

<P>
To contact the maintainer of this package, email Ervin Hegedus
at <a href="mailto:airween@n.o.s.p.@.m.arxnet.hu">airween a.t arxnet d.o.t hu</a>.

<P>
Also I have a nice mailing list:&nbsp;<a href="https://lists.fsn.hu/mailman/listinfo/mysql-auth">https://lists.fsn.hu/mailman/listinfo/mysql-auth</a>

<P>
Good Luck! :)
</BODY>
</HTML>